castanet 0.0.1

data/lib/castanet/responses/ticket_validate.rl

@@ -0,0 +1,172 @@
+require 'castanet'
+
+%%{
+  machine ticket_validate;
+
+  action save_username { r.username = buffer; buffer = '' }
+  action save_failure_code { r.failure_code = buffer; buffer = '' }
+  action save_failure_reason { r.failure_reason = buffer.strip; buffer = '' }
+  action save_pgt_iou { r.pgt_iou = buffer; buffer = '' }
+  action save_proxy { r.proxies << buffer; buffer = '' }
+  action set_authenticated { r.ok = true }
+
+  include common "common.rl";
+
+  # Leaf tags
+  # ---------
+
+  pgt_iou = "<cas:proxyGrantingTicket>"
+            ticket @buffer
+            "</cas:proxyGrantingTicket>" %save_pgt_iou;
+  proxy   = "<cas:proxy>"
+            char_data @buffer
+            "</cas:proxy>" %save_proxy;
+  user    = "<cas:user>"
+            char_data @buffer
+            "</cas:user>" %save_username;
+
+  # Non-leaf tags
+  # -------------
+
+  authentication_failure_start    = "<cas:authenticationFailure code="
+                                     quote
+                                     failure_code %save_failure_code
+                                     quote
+                                     ">";
+  authentication_failure_end      = "</cas:authenticationFailure>";
+
+  authentication_success_start    = "<cas:authenticationSuccess>";
+  authentication_success_end      = "</cas:authenticationSuccess>";
+  proxies                         = "<cas:proxies>"
+                                    ( space* proxy space* )*
+                                    "</cas:proxies>";
+
+  # Top-level elements
+  # ------------------
+
+  ok_cas_st         = ( service_response_start
+                        space*
+                        authentication_success_start
+                        space*
+                        user
+                        space*
+                        pgt_iou?
+                        space*
+                        proxies?
+                        space*
+                        authentication_success_end
+                        space*
+                        service_response_end ) @set_authenticated;
+
+  failed_cas_st     = ( service_response_start
+                        space*
+                        authentication_failure_start
+                        failure_reason %save_failure_reason
+                        authentication_failure_end
+                        space*
+                        service_response_end );
+
+  main := ok_cas_st | failed_cas_st;
+}%%
+
+module Castanet::Responses
+  ##
+  # A parsed representation of responses from `/serviceValidate` or
+  # `/proxyValidate`.
+  #
+  # The responses for the above services are identical, so we implement their
+  # parser with the same state machine.
+  #
+  # The code in this class implements a state machine generated by Ragel.  The
+  # state machine definition is in ticket_validate.rl.
+  #
+  # @see http://www.jasig.org/cas/protocol CAS 2.0 protocol, sections 2.5, 2.6,
+  #   and appendix A
+  class TicketValidate
+    ##
+    # Whether or not this response passed CAS authentication.
+    #
+    # @return [Boolean]
+    attr_accessor :ok
+
+    alias_method :ok?, :ok
+
+    ##
+    # The failure code returned on authentication failure.
+    #
+    # @return [String, nil]
+    attr_accessor :failure_code
+
+    ##
+    # The reason given by the CAS server for authentication failure.
+    #
+    # @return [String, nil]
+    attr_accessor :failure_reason
+
+    ##
+    # The PGT IOU returned by an authentication success message.
+    #
+    # @return [String, nil]
+    attr_accessor :pgt_iou
+
+    ##
+    # A list of authentication proxies for this ticket.
+    #
+    # Each participant in an authentication chain adds one entry to this list.
+    # As an example, assume the existence of two services:
+    #
+    # 1. frontend
+    # 2. backend
+    #
+    # If `frontend` proxied access to `backend`, the proxy list would be
+    #
+    # 1. backend
+    # 2. frontend
+    #
+    # The proxy chain has an unbounded maximum length.  The proxy order
+    # specified in the CAS response is preserved.
+    #
+    # For proxy tickets that fail validation, this will be an empty list.  It
+    # should also be an empty list for service tickets too, although that's
+    # really up to the CAS server.
+    #
+    # Although this list is technically a valid component of an authentication
+    # response issued by `/serviceValidate`, it's really only applicable to
+    # proxy tickets.
+    #
+    # @see http://www.jasig.org/cas/protocol CAS 2.0 protocol, section 2.6.2
+    # @return [Array]
+    attr_accessor :proxies
+
+    ##
+    # The name of the owner of the validated service or proxy ticket.
+    #
+    # This information is only present on authentication success.
+    #
+    # @return [String, nil]
+    attr_accessor :username
+
+    ##
+    # Generates a {TicketValidate} object from a CAS response.
+    #
+    # @param [String] response the CAS response
+    # @return [TicketValidate}
+    def self.from_cas(response)
+      data = response.strip.unpack('U*')
+      buffer = ''
+
+      %% write init;
+
+      new.tap do |r|
+        %% write exec;
+      end
+    end
+
+    def initialize
+      self.ok = false
+      self.proxies = []
+    end
+
+    %% write data;
+  end
+end

data/lib/castanet/service_ticket.rb

@@ -0,0 +1,180 @@
+require 'castanet'
+
+require 'forwardable'
+require 'uri'
+
+module Castanet
+  class ServiceTicket
+    extend Forwardable
+    include Responses
+    include QueryBuilding
+
+    ##
+    # Set this to `true` to _not_ use HTTPS for CAS server communication.
+    #
+    # In almost all cases where CAS is used, there is no good reason to avoid
+    # HTTPS.  However, if you
+    #
+    #   1. need to have access to CAS server messages and
+    #   2. are in an isolated development environment
+    #
+    # then it may make sense to disable HTTPS.
+    #
+    # This is usually set by {Castanet::Client}.
+    #
+    # @return [Boolean]
+    attr_accessor :https_disabled
+
+    ##
+    # The proxy callback URL to use for service validation.
+    #
+    # @return [String, nil]
+    attr_accessor :proxy_callback_url
+
+    ##
+    # The URL of the service to use for retrieving PGTs.
+    #
+    # @return [String, nil]
+    attr_accessor :proxy_retrieval_url
+
+    ##
+    # The URL of the CAS server's serviceValidate service.
+    #
+    # @return [String, nil]
+    attr_accessor :service_validate_url
+
+    ##
+    # The wrapped service ticket.
+    #
+    # @return [String, nil]
+    attr_reader :ticket
+
+    ##
+    # The wrapped service URL.
+    #
+    # @return [String, nil]
+    attr_reader :service
+
+    ##
+    # The response from the CAS server.
+    #
+    # {ServiceTicket} sets this attribute whilst executing {#present!}, but it
+    # can be manually set for e.g. testing purposes.
+    #
+    # @return [#ok?, #pgt_iou]
+    attr_accessor :response
+
+    def_delegators :response, :ok?, :pgt_iou, :username
+
+    ##
+    # The PGT associated with this service ticket.
+    #
+    # This is set after a successful invocation of {#retrieve_pgt!}.
+    #
+    # @return [String, nil]
+    attr_accessor :pgt
+
+    def initialize(ticket, service)
+      @service = service
+      @ticket = ticket
+    end
+
+    ##
+    # Validates `ticket` for the service URL given in `service`.  If
+    # {#proxy_callback_url} is not nil, also attempts to retrieve the PGTIOU
+    # for this service ticket.
+    #
+    # CAS service tickets are one-time-use only
+    # =========================================
+    #
+    # This method checks `ticket` against `service` using the CAS server, so you
+    # must take care to only validate a given `ticket` _once_.
+    #
+    # Since ServiceTicket does not maintain any state with regard to whether a
+    # ServiceTicket instance has already been presented, multiple presentations
+    # of the same ticket will result in behavior like this:
+    #
+    #     st = service_ticket(ticket, service)
+    #     st.present!
+    #
+    #     st.ok? # => true
+    #
+    #     st.present!
+    #
+    #     st.ok? # => false
+    #
+    # @see http://www.jasig.org/cas/protocol CAS 2.0 protocol, sections 2.5 and
+    #   3.1.1
+    #
+    # @return void
+    def present!
+      uri = URI.parse(validation_url).tap do |u|
+        u.query = validation_parameters
+      end
+
+      http = Net::HTTP.new(uri.host, uri.port).tap do |h|
+        h.use_ssl = !https_disabled
+      end
+
+      http.start do |h|
+        cas_response = h.get(uri.to_s)
+
+        self.response = parsed_ticket_validate_response(cas_response.body)
+      end
+    end
+
+    ##
+    # Retrieves a PGT from {#proxy_retrieval_url} using the PGT IOU.
+    #
+    # CAS 2.0 does not specify whether PGTIOUs are one-time-use only.
+    # Therefore, Castanet does not prevent multiple invocations of
+    # `retrieve_pgt!`; however, it is safest to assume that PGTIOUs are
+    # one-time-use only.
+    #
+    # CAS 2.0 also does not specify the response format for proxy callbacks.
+    # `retrieve_pgt!` assumes that a `200` response from {#proxy_retrieval_url}
+    # will contain the PGT and only the PGT.
+    #
+    # The retrieved PGT will be written to {#pgt} if this method succeeds.
+    #
+    # @return void
+    def retrieve_pgt!
+      uri = URI.parse(proxy_retrieval_url).tap do |u|
+        u.query = query(['pgtIou', pgt_iou])
+      end
+
+      http = Net::HTTP.new(uri.host, uri.port).tap do |h|
+        h.use_ssl = !https_disabled
+      end
+
+      http.start do |h|
+        self.pgt = h.get(uri.to_s).body
+      end
+    end
+
+    protected
+
+    ##
+    # The URL to use for ticket validation.
+    #
+    # @return [String]
+    def validation_url
+      service_validate_url
+    end
+
+    private
+
+    ##
+    # Builds a query string for use with the `serviceValidate` service.
+    #
+    # @see http://www.jasig.org/cas/protocol CAS 2.0 protocol, section 2.5.1
+    # @param [String] ticket a service ticket
+    # @param [String] service a service URL
+    # @return [String] a query component of a URI
+    def validation_parameters
+      query(['ticket',  ticket],
+            ['service', service],
+            ['pgtUrl',  proxy_callback_url])
+    end
+  end
+end

data/lib/castanet/version.rb

@@ -0,0 +1,3 @@
+module Castanet
+  VERSION = '0.0.1'
+end

metadata

@@ -0,0 +1,184 @@
+--- !ruby/object:Gem::Specification 
+name: castanet
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- David Yip
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-02-03 00:00:00 -06:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: autotest
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: ci_reporter
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: cucumber
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: mechanize
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: rack
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 2
+        - 0
+        version: "2.0"
+  type: :development
+  prerelease: false
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: webmock
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id007
+- !ruby/object:Gem::Dependency 
+  name: yard
+  requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id008
+description: A small, snappy CAS 2.0 client library for Ruby applications
+email: 
+- yipdw@northwestern.edu
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- README.md
+- History.md
+- LICENSE
+- lib/castanet/client.rb
+- lib/castanet/proxy_ticket.rb
+- lib/castanet/proxy_ticket_error.rb
+- lib/castanet/query_building.rb
+- lib/castanet/responses/common.rl
+- lib/castanet/responses/proxy.rb
+- lib/castanet/responses/proxy.rl
+- lib/castanet/responses/ticket_validate.rb
+- lib/castanet/responses/ticket_validate.rl
+- lib/castanet/responses.rb
+- lib/castanet/service_ticket.rb
+- lib/castanet/version.rb
+- lib/castanet.rb
+has_rdoc: true
+homepage: ""
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: A CAS client library
+test_files: []
+